Support for dynamic public key from jwt token #286

Open
1 task done
prasadsawant12 opened this issue Sep 21, 2024 · 1 comment
Labels
feature request A feature has been asked for or suggested by the community

prasadsawant12 commented Sep 21, 2024

Checklist

Describe the problem you'd like to have solved

I am upgrading my go-jwt-middleware pkg from v1 to v2. In the older implementation there was an option to generate the public key from the token. Here is the sample code:

```go
func GetJwtMiddleware() *jwtmiddleware.JWTMiddleware {
	jwtMiddleware := jwtmiddleware.New(jwtmiddleware.Options{
		// v1 passes the parsed token to the key getter.
		ValidationKeyGetter: func(token *jwt.Token) (interface{}, error) {
			cert, err := getPemCert(token)
			if err != nil {
				// Return the error so the request is rejected instead of panicking.
				return nil, err
			}
			result, err := jwt.ParseRSAPublicKeyFromPEM([]byte(cert))
			if err != nil {
				return nil, err
			}
			return result, nil
		},
		SigningMethod: jwt.SigningMethodRS256,
	})
	return jwtMiddleware
}
```

But in v2, there is no option to generate the public key from the token, as the token is not available in the keyFunc function.

Describe the ideal solution

The JWT token should be available in the keyFunc function along with ctx.

Alternatives and current workarounds

No response

Additional context

No response

@prasadsawant12 prasadsawant12 added the feature request A feature has been asked for or suggested by the community label Sep 21, 2024
@developerkunal
Contributor

Hi @prasadsawant12,

Hope you're doing well!

Thanks for reaching out. In v2, the keyFunc function no longer receives the token, likely for security reasons. Could you share more about your use case? Are you trying to extract the public key dynamically? Happy to help guide you toward a secure solution!

To align with the updated design and best security practices, it's recommended to manage public keys separately from tokens. Here’s how you can proceed:

🔹 Utilize a JWKS Endpoint – If your authentication provider offers a JWKS (JSON Web Key Set) endpoint, configure your application to fetch public keys from there. This ensures centralized and secure key management.

Would love to hear your thoughts on this approach! Let me know how I can help. 😊
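The key handling recommended in the reply above, as an added standard-library sketch that is not code from this issue or from go-jwt-middleware: the public keys are loaded out of band (here the hypothetical `trusted` map stands in for a fetched JWKS), the token header is used only to select one of them by `kid`, and the algorithm is pinned to RS256. The names `Verify`, `Sign`, `issuerKey`, `trusted` and the kid `k1` are assumptions made for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

var b64 = base64.RawURLEncoding
var issuerKey, _ = rsa.GenerateKey(rand.Reader, 2048)               // constructed demo key
var trusted = map[string]*rsa.PublicKey{"k1": &issuerKey.PublicKey} // stands in for a fetched JWKS

// Verify checks a compact RS256 token using only keys from the trusted set.
func Verify(token string, keys map[string]*rsa.PublicKey) ([]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	var hdr struct{ Alg, Kid string }
	raw, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "RS256" {
		return nil, errors.New("bad header or alg is not RS256")
	}
	key := keys[hdr.Kid] // nil unless the kid names a key we already trust
	sig, err := b64.DecodeString(parts[2])
	sum := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if key == nil || err != nil || rsa.VerifyPKCS1v15(key, crypto.SHA256, sum[:], sig) != nil {
		return nil, errors.New("untrusted kid or bad signature")
	}
	return b64.DecodeString(parts[1])
}

// Sign builds a constructed RS256 token; it exists only to exercise Verify.
func Sign(priv *rsa.PrivateKey, kid, claims string) string {
	body := b64.EncodeToString([]byte(`{"alg":"RS256","kid":"`+kid+`"}`)) + "." + b64.EncodeToString([]byte(claims))
	sum := sha256.Sum256([]byte(body))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, sum[:])
	return body + "." + b64.EncodeToString(sig)
}

func main() {
	claims, err := Verify(Sign(issuerKey, "k1", `{"sub":"alice"}`), trusted)
	println(string(claims), err == nil)
}
```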
